Is that rocket-fuel in your baby’s milk?

An MD named Anila Jacob recently testified in the US House about the impact on infants from perchlorate (solid rocket fuel used in explosives and rocket propellants) now found in drinking water and food in many U.S. cities.

The EPA has studied and been warned about this in the past:

Perchlorate, a powerful oxidant used in solid rocket fuels by the military and aerospace industry, has been detected in public drinking water supplies of over 11 million people at concentrations of at least 4 parts per billion (ppb).

Apparently Illinois Congressman John Shimkus challenged Dr. Jacob’s testimony by saying the cost of cleaning up America’s water would be too burdensome for corporations like Lockheed Martin, and that the US should indefinitely delay defining a contaminant level.

The Doctor’s response to Shimkus is notable:

Congress’s first concern ought to be the health of the nation’s children who are forced to drink rocket fuel in their tap water.

Is Shimkus really more concerned about the security of Lockheed Martin’s profits than the health and safety of US citizens? One would think he would realize that the security of the country is closely tied to a clean environment. I don’t buy the argument that more data is required before setting a limit since the health risks are documented while the source data is intentionally obscured:

Production and use estimates of perchlorate are hard to come by: the military considers the numbers secret, and fertilizer producers won’t share them, saying they are proprietary information.

For what it is worth, it turns out Shimkus is not exactly the sort of man who carries a strong sense of ethics, or even stands by his own words:

Shimkus announced in September 2005 that he will run for reelection in 2008, despite making a pledge when first elected in 1996 not to stay in office for more than 12 years. He said he will run for a seventh term in 2008 if he wins re-election in 2006. “It was a mistake at the time,” he said about his 1996 campaign promises. “Unless everyone plays by the same rules, term limits don’t make sense.”

Uh, it’s ok to do the wrong thing if other people are doing it too? Maybe Shimkus will run a campaign on “I’ll allow toxins in every cup”. Or maybe he should continue his pro-life stance with “abortion is wrong, but intentionally poisoning your baby is ok if it keeps defense and aerospace companies profitable.” I can see my ethics professor rolling his eyes and pulling on his hair in frustration. Clearly US national security is most at risk from exactly this kind of malfeasance.

forgot to remember to forget

These lyrics by Stan Kesler and Charlie Feathers always remind me of passwords:

I forgot to remember to forget her,
I can’t seem to get her off my mind.
I thought I’d never miss her,
But I’ve found out somehow
I think about her almost all the time.

Well the day she went away
I made myself a promise
That I’d soon forget we’d ever met.
But something sure is wrong
’cos I’m so blue and lonely:
I forgot to remember to forget.

Well the day she went away
I made myself a promise
That I’d soon forget we’d ever met.
But something sure is wrong
’cos I’m so blue and lonely:
I forgot to remember to forget.

Or would it be better to compare to 3DES?

UK sends prince to Iraq

Many things related to history come to mind when reading the news about the English sending a Prince to fight in Iraq:

Critics have suggested the risks to the prince are too great but others have claimed that insurgents will not be able to ascertain exactly where he has been deployed.

But perhaps most distressing is a comparison of this news with the ongoing updates about another celebrity who was deployed to Afghanistan:

Within hours of Pat Tillman’s death, the Army went into information-lockdown mode, cutting off phone and Internet connections at a base in Afghanistan, posting guards on a wounded platoon mate, and ordering a sergeant to burn Tillman’s uniform.

New investigative documents reviewed by The Associated Press describe how the military sealed off information about Tillman’s death from all but a small ring of soldiers. Officers quietly passed their suspicion of friendly fire up the chain to the highest ranks of the military, but the truth did not reach Tillman’s family for five weeks.

The clampdown, and the misinformation issued by the military, lie at the heart of a burgeoning congressional investigation.

How safe is the Prince from friendly fire or a coverup?

Photoshop and Paint Overflow

The exploit code circulating right now has all sorts of “have fun” comments. I think there should be a sports channel dedicated to software security.

This particular incident might show up on the “competitive buffer overflows” program.

Or how about a reality show that pits the common corporate development manager and engineers against the wily security consultants and insider threats? I would include outside threats, but frankly I don’t think the outsiders have a chance without some kind of inside connection.

Castles were either breached by long battles of attrition and overwhelming odds, or someone “found” a weakness by paying an insider or someone who had at some point been inside…

Anyway, the breach was reported about a day ago and I have not seen any response from the vendors yet. The exploit’s author suggests that you just need a target user to open a special PNG file in Photoshop or Paint Shop Pro on Windows XP and you can do nasty things like open a backdoor.

Multiple image editing applications are prone to a remote buffer-overflow vulnerability. This issue occurs due to a failure by the software to properly bounds-check user-supplied input prior to copying it to an insufficiently-sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of a vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

Perhaps the most annoying thing about this kind of attack vector is that images flow so freely today and Photoshop and Paint are so common. Note that the PNG attack follows the announcement last week by the same author that .BMP, .DIB and .RLE are also suitable methods of attack.
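An added example, not code from this post or from either vendor: a checked reader for one PNG chunk in C, showing the kind of bounds check whose absence the advisory above describes. The chunk bytes, the 32-byte buffer size and the status codes are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* A PNG chunk is a 4-byte big-endian length, a 4-byte type, `length`
 * bytes of data and a 4-byte CRC. The defect the advisory describes is
 * trusting that length when copying the data into a fixed-size buffer. */
#define CHUNK_HDR 8               /* length + type */
#define CHUNK_CRC 4
#define PNG_MAX_CHUNK 0x7FFFFFFFu /* PNG spec: length fits in 31 bits */

enum chunk_status { CHUNK_OK = 0, CHUNK_TRUNCATED, CHUNK_TOO_LARGE,
                    CHUNK_BAD_LENGTH };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  | (uint32_t)p[3];
}

/* Copy one chunk's data into out[cap]. Each test is against a value the
 * file controls; removing the `len > cap` line reproduces the missing
 * bounds check: a declared length of 1024 would then write past a
 * 32-byte buffer. */
enum chunk_status read_chunk(const uint8_t *in, size_t in_len,
                             uint8_t *out, size_t cap,
                             char type[5], size_t *data_len) {
    if (in_len < CHUNK_HDR + CHUNK_CRC) return CHUNK_TRUNCATED;
    uint32_t len = be32(in);
    if (len > PNG_MAX_CHUNK) return CHUNK_BAD_LENGTH;
    if (len > cap) return CHUNK_TOO_LARGE;
    if (len > in_len - CHUNK_HDR - CHUNK_CRC) return CHUNK_TRUNCATED;
    memcpy(type, in + 4, 4);
    type[4] = '\0';
    memcpy(out, in + CHUNK_HDR, len);
    *data_len = len;
    return CHUNK_OK;
}

/* Constructed inputs (not from any real file): a 5-byte tEXt chunk, and
 * the same bytes with the length field rewritten to claim 1024 bytes. */
static const uint8_t good_chunk[] = { 0,0,0,5, 't','E','X','t',
    'h','e','l','l','o', 0xAA,0xBB,0xCC,0xDD };
static const uint8_t lying_chunk[] = { 0,0,4,0, 't','E','X','t',
    'h','e','l','l','o', 0xAA,0xBB,0xCC,0xDD };

enum chunk_status check_chunk(const uint8_t *chunk, size_t n) {
    uint8_t buf[32]; char type[5]; size_t len;
    return read_chunk(chunk, n, buf, sizeof buf, type, &len);
}
```

The same three checks (declared length against the buffer, against the remaining input, and against the format's maximum) apply to the .BMP, .DIB and .RLE headers mentioned above, since each also carries file-controlled sizes.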